Jan 10 2019 07:29 AM
Hi everyone,
we figured out a behavior with sharing items/documents in SharePoint which from our point of view is a bug.
Let us assume that the user "Jon Doe" is the owner of a SharePoint Site Collection / Web. Now another user navigates to a document in a library, selects a document and clicks the "Share" action. Than he chooses "People with existing access"
We select "John Doe" who already has access to this document because he is the owner of the site and click "Apply".
SharePoint now breaks the role inheritance of the item and inserts Johns dedicated account. The expected behavior should be: SharePoint recognizes that John already has access and simply sends him the link.
The actual behavior leads to unnecessary item level permission which where hard to monitor and control in terms of security and governance.
Any advice, ideas or tipps on how to assign this to the right people at Microsoft?
Thanks
Björn
Feb 07 2020 10:24 AM - edited Feb 07 2020 10:25 AM
@Stephen RiceAh, okay. That was helpful - thanks!
When I try to run that command, I get the following error. Any ideas?
Set-SPOSite : Parameter set cannot be resolved using the specified named parameters.
At line:1 char:1
+ Set-SPOSite -IDentity https://xxxxxxx.sharepoint.com -DefaultLi ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Set-SPOSite], ParameterBindingException
+ FullyQualifiedErrorId : AmbiguousParameterSet,Microsoft.Online.SharePoint.PowerShell.SetSite
Feb 07 2020 10:27 AM
Odd! Can you try tab completion on the commands to make sure I typed them out right? :) Thanks!
Stephen Rice
Feb 07 2020 10:46 AM
Feb 07 2020 11:03 AM
@Stephen Rice It seems like PowerShell isn't recognizing the parameter at all. See attached
Feb 07 2020 11:07 AM
Hey @zacheriah,
Chris is correct. This command only works on individual site collections (e.g. contoso.sharepoint.com/teams/AlphaProject) instead of on the admin site collection. Thanks!
Stephen Rice
Senior Program Manager, OneDrive
Feb 07 2020 11:13 AM - edited Feb 07 2020 11:17 AM
@Stephen Rice Hi Stephen,
I didn't think I was trying to perform the action on the admin site collection. https://tenant.sharepoint.com is the URL for one of our sites (the root site). However, even trying this on a different site doesn't work. See attached.
Thanks for all your help! Sorry about this - my powershell knowledge is limited.
Edit: updated screenshot
Feb 25 2020 02:43 PM
Hi @zacheriah,
Sorry for the slow response. I tried things on my side and it seemed to be working. Can you confirm you have the latest version of the SharePoint Online Management Shell? Barring that, we are shipping UI for this feature as well which should be available soon. If you can hold off until that is released, you will be able to set this via UI and ditch all the PowerShell entirely :) Thanks!
Stephen Rice
Senior Program Manager, OneDrive
Mar 24 2020 10:55 AM
@Stephen Rice Is there a way for this to be set as the Default and even change all the existing sites? Would be nice if something like SetSPOTenant -DefaultLinkToExistingAccess $true would just run for all sites.
Why is this option not in the UI and seems to only exist with PowerShell?
I found that even the Teams sites default to -DefaultLinkToExistingAccess $false.
Do not want to manually have to keep going back whenever a new site collection is created? Especially when Teams are managed by someone else.
As of today I have 107 sites that I will either have to script a loop for or manually type all the Identities.
Mar 25 2020 10:26 AM
Hi @Forrest Hoffman,
There is no way to set this as the default for the entire tenant at this time.
This is PowerShell only right now but the UI to enable this should be rolling out soon in the modern SPO Admin Center.
Thanks for the feedback!
Stephen Rice
Senior Program Manager, OneDrive
Mar 25 2020 10:31 AM
Apr 13 2020 03:29 PM
@Stephen Rice , This powershell is at least a start, but I can't get this to work on any SPO site that has been created by an O365 Group, hence a SPO site created by Teams. It will work on any site created from SPO Admin Tenant. Will this be available to work on SPO Sites created by Groups? It will be essential to our architecture, often times we have the Teams site and Group ownership for the Team but then they will have content that needs to be shared outside of the Teams and we use the attached SPO site for this which has assigned permissions access that have been given to a larger group, minus the associated Document Library. For groups can you use -DefaultSharingLinkType and change that parameter to Existing Access somehow?
Set-SPOSite -identity https://*******.sharepoint.com/sites/BPM -DefaultLinkToExistingAccess 1
Set-SPOSite : https://******.sharepoint.com/sites/BPM is a Groups site collection. The valid parameters for this
type of site collection are '-Identity', '-AllowSelfServiceUpgrade', '-DefaultLinkPermission',
'-DefaultSharingLinkType', '-DenyAddAndCustomizePages', '-DisableCompanyWideSharingLinks',
'-DisableSharingForNonOwners', '-LockState', '-Owner', '-ResourceQuota', '-ResourceQuotaWarningLevel',
'-SandboxedCodeActivationCapability', '-SharingCapability', '-ShowPeoplePickerSuggestionsForGuestUsers',
'-SocialBarOnSitePagesDisabled', '-StorageQuota', '-StorageQuotaReset', and '-StorageQuotaWarningLevel'.
At line:1 char:1
+ Set-SPOSite -identity https://******.sharepoint.com/sites/BPM -De ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Set-SPOSite], ServerException
+ FullyQualifiedErrorId : Microsoft.SharePoint.Client.ServerException,Microsoft.Online.SharePoint.PowerShell.SetSi
te
Apr 13 2020 03:34 PM
Hi @tyeseye,
This should be available on Group sites today. Please try updating to the latest version of PowerShell (I had this problem this morning when I attempted to do the same thing ). You can also use the new UI for the feature in the modern SharePoint admin center! You just need to select the site and open the sharing panel and it should be there. Hope that helps!
Stephen Rice
Senior Program Manager, OneDrive
Apr 14 2020 08:12 AM
Thank you @Stephen Rice really appreciate it, I will update my PS now.
Cheers,
Tye Eyden
Business System Analyst
New Belgium